[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1287507259.6471.82.camel@mdlinux>
Date: Tue, 19 Oct 2010 12:54:19 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-1006-1] WebKit vulnerabilities
===========================================================
Ubuntu Security Notice USN-1006-1 October 19, 2010
webkit vulnerabilities
https://launchpad.net/bugs/660075
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
libwebkit-1.0-2 1.2.5-0ubuntu0.9.10.1
Ubuntu 10.04 LTS:
libwebkit-1.0-2 1.2.5-0ubuntu0.10.04.1
Ubuntu 10.10:
libwebkit-1.0-2 1.2.5-0ubuntu0.10.10.1
After a standard system update you need to restart any applications that
use WebKit, such as Epiphany and Midori, to make all the necessary changes.
Details follow:
A large number of security issues were discovered in the WebKit browser and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of
service attacks, and arbitrary code execution.
Please consult the bug listed at the top of this advisory to get the exact
list of CVE numbers fixed for each release.
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5-0ubuntu0.9.10.1.diff.gz
Size/MD5: 28902 3436d9c6218a4cd1a5754b26d0f6e256
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5-0ubuntu0.9.10.1.dsc
Size/MD5: 2346 9cc885388210502d79ca6655e073f05e
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5.orig.tar.gz
Size/MD5: 6727977 09f04985665b9abf6f0d9956f86a6a31
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-common_1.2.5-0ubuntu0.9.10.1_all.deb
Size/MD5: 615320 20d3e7adda2f5fa5a142a4501280a837
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.9.10.1_amd64.deb
Size/MD5: 139134580 8d73bb5f05a99b76445655c0aff9eb12
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.9.10.1_amd64.deb
Size/MD5: 5751420 31eda9fa73766cef54571ecab5f2c6e0
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.9.10.1_amd64.deb
Size/MD5: 118264 4402376e41a392f18ec26b102a27c4aa
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.9.10.1_i386.deb
Size/MD5: 138270646 ff3700bd6053f18209c8884d0bdc5bc4
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.9.10.1_i386.deb
Size/MD5: 5140872 73f89219225b633f4a866245712e6837
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.9.10.1_i386.deb
Size/MD5: 115628 aa55bd17bfd68286f34a8aac9017839d
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.9.10.1_lpia.deb
Size/MD5: 138495338 f45c9ce9a707fbcf9cf17d3039e9a47f
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.9.10.1_lpia.deb
Size/MD5: 5093272 11a6dd088bde3429ed8bd8e4bd0c2610
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.9.10.1_lpia.deb
Size/MD5: 115612 d3440a9475264109fe7ee7806ad1659b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.9.10.1_powerpc.deb
Size/MD5: 138840804 c0d644f5609bb659e5c934725bfa862d
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.9.10.1_powerpc.deb
Size/MD5: 5405430 04557727a3bac6037caca9b717b8e218
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.9.10.1_powerpc.deb
Size/MD5: 115620 916e4e0e1bf105f62c6d3ef2756d1186
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.9.10.1_sparc.deb
Size/MD5: 137354182 d0fd14e1622fcacfa5f2f97c40bfcacc
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.9.10.1_sparc.deb
Size/MD5: 6022530 ccf509a6bc5d3085170c8652323f154a
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.9.10.1_sparc.deb
Size/MD5: 115604 279ec84c70acc2f0f6ac757d8ea8314d
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5-0ubuntu0.10.04.1.debian.tar.gz
Size/MD5: 28130 d8f8ce4ec546bf31939df7fb25f0546e
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5-0ubuntu0.10.04.1.dsc
Size/MD5: 2489 ce702764983bfa6366cb29288bcd0a34
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5.orig.tar.gz
Size/MD5: 6727977 09f04985665b9abf6f0d9956f86a6a31
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-common_1.2.5-0ubuntu0.10.04.1_all.deb
Size/MD5: 615060 54a52de598cc1d98ae81293f561cee31
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 139191092 505abba3026374772b005f66c5aa39b4
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 5759808 fe280b0b0c1cfae2ec2f1c42438f6c02
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 125090 add586dd4e7116a3c839d3aff41992c0
http://security.ubuntu.com/ubuntu/pool/universe/w/webkit/gir1.0-webkit-1.0_1.2.5-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 32002 68cb1c3e0122056767f3c8379bc466e9
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.10.04.1_i386.deb
Size/MD5: 138266662 9cbe221be706e0a8cfca8bb5f26e7b10
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.10.04.1_i386.deb
Size/MD5: 5143424 7a0471d9588efe065b08e3fb1b8fe4e9
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.10.04.1_i386.deb
Size/MD5: 125092 81aea704572d2052b0764962e82de16a
http://security.ubuntu.com/ubuntu/pool/universe/w/webkit/gir1.0-webkit-1.0_1.2.5-0ubuntu0.10.04.1_i386.deb
Size/MD5: 32000 6bafa9242012aae7a2b89a4ceda5e57b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 138806090 872af69f2a732bfbef0493f2a47ffa2f
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 5402940 c77160e966129af9d018e856af48b72f
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 125086 9fd9e5e5436c39aeecbeb21ee5f84f8b
http://ports.ubuntu.com/pool/universe/w/webkit/gir1.0-webkit-1.0_1.2.5-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 32396 3a217f8e2d292dc99d011474f3f1d4af
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 136606856 c78a87af6d3cbf0ce134155674cbd6c2
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 5158466 c3d03dcf298065146ff55bb036646638
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 125078 5cf9023f9a176b63372eeaa458c00b19
http://ports.ubuntu.com/pool/universe/w/webkit/gir1.0-webkit-1.0_1.2.5-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 32388 5e7796c459061e2effa909b33037f33b
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5-0ubuntu0.10.10.1.debian.tar.gz
Size/MD5: 28946 696566138ed976047955dad9c51532de
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5-0ubuntu0.10.10.1.dsc
Size/MD5: 2458 6c54ab417c58ea8fc7aeb4e023056ec1
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5.orig.tar.gz
Size/MD5: 6727977 09f04985665b9abf6f0d9956f86a6a31
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-common_1.2.5-0ubuntu0.10.10.1_all.deb
Size/MD5: 696876 425ce7560407344b9a0bc967ca8859a4
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 139228160 62a0a9f279f2e4086e2605cf00dcaf99
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 5759738 754ae8a24c22a6deb0d9093c6c3269ef
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 128206 ae712ec8851f357c54d28660d4b6e254
http://security.ubuntu.com/ubuntu/pool/universe/w/webkit/gir1.0-webkit-1.0_1.2.5-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 31662 4b4d0aebf0aa3b908b258581e6ab84be
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.10.10.1_i386.deb
Size/MD5: 138310558 186bca6b898b28bd118560dd74fd62b2
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.10.10.1_i386.deb
Size/MD5: 5132134 804908022424e58a8dd07b1fdee9e3f6
http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.10.10.1_i386.deb
Size/MD5: 129146 6fa207cdf44a3e94dbe1bb2101e86803
http://security.ubuntu.com/ubuntu/pool/universe/w/webkit/gir1.0-webkit-1.0_1.2.5-0ubuntu0.10.10.1_i386.deb
Size/MD5: 31788 f3076772e02b02a46c84de4ad460fb30
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 138818056 19a3a011964bd3931efb6acdc30f8a8e
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 5395890 2d56bd9385a163c2d02acaaa5ec069da
http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 124992 d7efe40fbab12557876cfb7c689f91ae
http://ports.ubuntu.com/pool/universe/w/webkit/gir1.0-webkit-1.0_1.2.5-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 32030 b8baf77562a66d7f2d9a5fdb40f59489
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists